More stories about Government

Customer data is being sold over the ‘dark net,’ says IAG boss | Insurance Business

An insurance giant’s chief executive has revealed that private customer data held by Australia’s financial institutions is being traded over the “dark net,” as he urged them to guard against cyber attacks that could bring hundreds of millions of dollars in losses.

The dark internet is usually used for nefarious purposes such as identity theft, spamming, phishing, malware, and hacking ̶ cybercrimes which, according to internet specialists, have intensified in the past few years.

IAG’s Peter Harmer said chief executives who believe they have a secure digital environment are “completely oblivious to the threat that is out there,” as he alerts them that the insurance giant had found data belonging to Australian organisations during its dark net sweeps, The Australian Financial Review reported.

Harmer said IAG is attacked 60 times every day, and that it often trawls its systems to spot unusual activity.

“We trawl the dark net looking for where our data might be up for sale and it’s amazing when you actually see what is being offered for sale,” he said during the AFR Banking & Wealth Summit.

“We haven’t found any of our data. All we’ve found is a couple of our employees’ names and addresses, so our view is that we are reasonably confident with the analysis, and being able to thwart the hackers coming into our system.”

“We’ve actually been able to alert some banks as well as other organisations that data has been available on the dark net,” he added.

But despite the increasing cyber threats, Hammer said the insurer opted to invest its money into its security system technology, instead of cyber insurance.

“The global capacity for protection is about $500 million, so most small to medium enterprises would only need about $5 million to $10 million,” he told AFR.

“But for a business like ours, $500 million wouldn’t touch the sides. If we had a major extraction of data that compromised our customers, the loss of market cap would make $500 million pale into insignificance.”

To prevent cyber attacks from happening, IAG has invested in a San Francisco-based Australian cyber security business, as part of its $75 million venture capital fund for technology, the report said.

“UpGuard has a piece of technology that you can deploy within your own technology stack, and it will search for potential weaknesses where you might be exposed to a cyber attack,” Harmer said.

“On the one hand you have an insurance product that you aim at the small to medium enterprise to cover the cost of recovery… but what’s more important is this whole ability to have more confidence around premier security and being able to detect a threat once it emerges and being able to respond to it.”